'\" t
.\"     Title: userdel
.\"    Author: Julianne Frances Haugh
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 07/22/2021
.\"    Manual: System Management Commands
.\"    Source: shadow-utils 4.9
.\"  Language: English
.\"
.TH "USERDEL" "8" "07/22/2021" "shadow\-utils 4\&.9" "System Management Commands"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
userdel \- delete a user account and related files
.SH "SYNOPSIS"
.HP \w'\fBuserdel\fR\ 'u
\fBuserdel\fR [options] \fILOGIN\fR
.SH "DESCRIPTION"
.PP
The
\fBuserdel\fR
command modifies the system account files, deleting all entries that refer to the user name
\fILOGIN\fR\&. The named user must exist\&.
.SH "OPTIONS"
.PP
The options which apply to the
\fBuserdel\fR
command are:
.PP
\fB\-f\fR, \fB\-\-force\fR
.RS 4
This option forces the removal of the user account, even if the user is still logged in\&. It also forces
\fBuserdel\fR
to remove the user\*(Aqs home directory and mail spool, even if another user uses the same home directory or if the mail spool is not owned by the specified user\&. If
\fBUSERGROUPS_ENAB\fR
is defined to
\fIyes\fR
in
/etc/login\&.defs
and if a group exists with the same name as the deleted user, then this group will be removed, even if it is still the primary group of another user\&.
.sp
\fINote:\fR
This option is dangerous and may leave your system in an inconsistent state\&.
.RE
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
Display help message and exit\&.
.RE
.PP
\fB\-r\fR, \fB\-\-remove\fR
.RS 4
Files in the user\*(Aqs home directory will be removed along with the home directory itself and the user\*(Aqs mail spool\&. Files located in other file systems will have to be searched for and deleted manually\&.
.sp
The mail spool is defined by the
\fBMAIL_DIR\fR
variable in the
login\&.defs
file\&.
.RE
.PP
\fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR
.RS 4
Apply changes in the
\fICHROOT_DIR\fR
directory and use the configuration files from the
\fICHROOT_DIR\fR
directory\&.
.RE
.PP
\fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR
.RS 4
Apply changes in the
\fIPREFIX_DIR\fR
directory and use the configuration files from the
\fIPREFIX_DIR\fR
directory\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&.
.RE
.PP
\fB\-Z\fR, \fB\-\-selinux\-user\fR
.RS 4
Remove any SELinux user mapping for the user\*(Aqs login\&.
.RE
.SH "CONFIGURATION"
.PP
The following configuration variables in
/etc/login\&.defs
change the behavior of this tool:
.PP
\fBMAIL_DIR\fR (string)
.RS 4
The mail spool directory\&. This is needed to manipulate the mailbox when its corresponding user account is modified or deleted\&. If not specified, a compile\-time default is used\&.
.RE
.PP
\fBMAIL_FILE\fR (string)
.RS 4
Defines the location of the users mail spool files relatively to their home directory\&.
.RE
.PP
The
\fBMAIL_DIR\fR
and
\fBMAIL_FILE\fR
variables are used by
\fBuseradd\fR,
\fBusermod\fR, and
\fBuserdel\fR
to create, move, or delete the user\*(Aqs mail spool\&.
.PP
If
\fBMAIL_CHECK_ENAB\fR
is set to
\fIyes\fR, they are also used to define the
\fBMAIL\fR
environment variable\&.
.PP
\fBMAX_MEMBERS_PER_GROUP\fR (number)
.RS 4
Maximum members per group entry\&. When the maximum is reached, a new group entry (line) is started in
/etc/group
(with the same name, same password, and same GID)\&.
.sp
The default value is 0, meaning that there are no limits in the number of members in a group\&.
.sp
This feature (split group) permits to limit the length of lines in the group file\&. This is useful to make sure that lines for NIS groups are not larger than 1024 characters\&.
.sp
If you need to enforce such limit, you can use 25\&.
.sp
Note: split groups may not be supported by all tools (even in the Shadow toolsuite)\&. You should not use this variable unless you really need it\&.
.RE
.PP
\fBUSERDEL_CMD\fR (string)
.RS 4
If defined, this command is run when removing a user\&. It should remove any at/cron/print jobs etc\&. owned by the user to be removed (passed as the first argument)\&.
.sp
The return code of the script is not taken into account\&.
.sp
Here is an example script, which removes the user\*(Aqs cron, at and print jobs:
.sp
.if n \{\
.RS 4
.\}
.nf
#! /bin/sh

# Check for the required argument\&.
if [ $# != 1 ]; then
	echo "Usage: $0 username"
	exit 1
fi

# Remove cron jobs\&.
crontab \-r \-u $1

# Remove at jobs\&.
# Note that it will remove any jobs owned by the same UID,
# even if it was shared by a different username\&.
AT_SPOOL_DIR=/var/spool/cron/atjobs
find $AT_SPOOL_DIR \-name "[^\&.]*" \-type f \-user $1 \-delete \e;

# Remove print jobs\&.
lprm $1

# All done\&.
exit 0
      
.fi
.if n \{\
.RE
.\}
.sp
.RE
.PP
\fBUSERGROUPS_ENAB\fR (boolean)
.RS 4
Enable setting of the umask group bits to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007) for non\-root users, if the uid is the same as gid, and username is the same as the primary group name\&.
.sp
If set to
\fIyes\fR,
\fBuserdel\fR
will remove the user\*(Aqs group if it contains no more members, and
\fBuseradd\fR
will create by default a group with the name of the user\&.
.RE
.SH "FILES"
.PP
/etc/group
.RS 4
Group account information\&.
.RE
.PP
/etc/login\&.defs
.RS 4
Shadow password suite configuration\&.
.RE
.PP
/etc/passwd
.RS 4
User account information\&.
.RE
.PP
/etc/shadow
.RS 4
Secure user account information\&.
.RE
.PP
/etc/shadow\-maint/userdel\-pre\&.d/*, /etc/shadow\-maint/userdel\-post\&.d/*
.RS 4
Run\-part files to execute during user deletion\&. The environment variable
\fBACTION\fR
will be populated with
\fBuserdel\fR
and
\fBSUBJECT\fR
with the username\&.
userdel\-pre\&.d
will be executed prior to any user deletion\&.
userdel\-post\&.d
will execute after user deletion\&. If a script exits non\-zero then execution will terminate\&.
.RE
.PP
/etc/subgid
.RS 4
Per user subordinate group IDs\&.
.RE
.PP
/etc/subuid
.RS 4
Per user subordinate user IDs\&.
.RE
.SH "EXIT VALUES"
.PP
The
\fBuserdel\fR
command exits with the following values:
.PP
\fI0\fR
.RS 4
success
.RE
.PP
\fI1\fR
.RS 4
can\*(Aqt update password file
.RE
.PP
\fI2\fR
.RS 4
invalid command syntax
.RE
.PP
\fI6\fR
.RS 4
specified user doesn\*(Aqt exist
.RE
.PP
\fI8\fR
.RS 4
user currently logged in
.RE
.PP
\fI10\fR
.RS 4
can\*(Aqt update group file
.RE
.PP
\fI12\fR
.RS 4
can\*(Aqt remove home directory
.RE
.SH "CAVEATS"
.PP
\fBuserdel\fR
will not allow you to remove an account if there are running processes which belong to this account\&. In that case, you may have to kill those processes or lock the user\*(Aqs password or account and remove the account later\&. The
\fB\-f\fR
option can force the deletion of this account\&.
.PP
You should manually check all file systems to ensure that no files remain owned by this user\&.
.PP
You may not remove any NIS attributes on a NIS client\&. This must be performed on the NIS server\&.
.PP
If
\fBUSERGROUPS_ENAB\fR
is defined to
\fIyes\fR
in
/etc/login\&.defs,
\fBuserdel\fR
will delete the group with the same name as the user\&. To avoid inconsistencies in the passwd and group databases,
\fBuserdel\fR
will check that this group is not used as a primary group for another user, and will just warn without deleting the group otherwise\&. The
\fB\-f\fR
option can force the deletion of this group\&.
.SH "SEE ALSO"
.PP
\fBchfn\fR(1),
\fBchsh\fR(1),
\fBpasswd\fR(1),
\fBlogin.defs\fR(5),
\fBgpasswd\fR(8),
\fBgroupadd\fR(8),
\fBgroupdel\fR(8),
\fBgroupmod\fR(8),
\fBsubgid\fR(5), \fBsubuid\fR(5),
\fBuseradd\fR(8),
\fBusermod\fR(8)\&.
